From patchwork Tue Jul 24 18:10:49 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: fix wpa group rekeying
From: michael-dev@fami-braun.de
X-Patchwork-Id: 172993
Message-Id:
To: ,
Date: Tue, 24 Jul 2012 20:10:49 +0200
Hi,
I'm currently facing
wpa_group_setkeys: Unexpected GKeyDoneStations=2 when starting new GTK
rekey
warnings with two STAs connected in different VLANs, but only
wpa_group_setkeys: GKeyDoneStations=1 messages.
I can only explain this with wpa_group_update_sta being called multiple
times per sta, as GKeyDoneStations is only incremented there and after
each wpa_group_setkeys, the GKeyDoneStations of the driven group is
correct (= the number of stas in the processed vlan).
Looking at wpa_auth_for_each_sta and its for_each implementation on
wpa_auth_glue.c, I find that this code iterates over all sta and not
just those of the given group. This can be verified by printing debug
messages in wpa_group_update_sta giving the group vlan_id, which shows
both vlans (of both stas) in each wpa_group_setkeys call.
Please find attached a patch that fixes this by giving the group
pointer as callback context in wpa_group_setkeys and let
wpa_group_update_sta skip those stas that are not in the correct group.
It works for me and fixes the wpa group keying issues seen before.
Signed-hostap: Michael Braun
Regards,
M. Braun
--- hostapd-20120707/src/ap/wpa_auth.c 2012-07-24 18:39:46.478606571 +0200
+++ hostapd-20120707/src/ap/wpa_auth.c 2012-07-24 18:40:42.686680840 +0200
@@ -2416,6 +2416,9 @@ static void wpa_group_gtk_init(struct wp
static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
{
+
+ if (ctx != sm->group) return 0;
+
if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
"Not in PTKINITDONE; skip Group Key update");
@@ -2470,7 +2473,7 @@ static void wpa_group_setkeys(struct wpa
group->GKeyDoneStations);
group->GKeyDoneStations = 0;
}
- wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+ wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
group->GKeyDoneStations);
}